31.01.2023 Views

Cyber Defense eMagazine February Edition for 2023

Cyber Defense eMagazine February Edition for 2023 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES


companies. This is partly because the chains' complexity has dramatically increased in recent years, and because there is no easy way for organizations to measure and quantify supply chain risks adequately.

But many initiatives are gaining momentum, and we should see adoption strengthen in 2023 with best practices such as software bill of materials (SBOMs), guidance such as NIST's Cybersecurity Supply Chain Risk Management (C-SCRM), or frameworks like Google's Security Levels for Software Artifacts (SLSA) and Microsoft's Supply Chain Consumption Framework (S2C2F).

Supply chain security requires a holistic approach that shifts away from one-time third-party assessments to real-time monitoring of third-party risks and vulnerabilities in packaged software and firmware components. All these tools and frameworks converge toward the same objective: provide transparency on all sides (software producers & consumers), and allow the investigation of dependencies in the broadest sense (packages, vendors, registries, platforms, etc.).

● Open-source security will be front and center on the security radar

Among the various supply chain security concerns, open-source governance is certainly the most urgent to implement for organizations. The 2021 Apache Log4j vulnerability was a wake-up call for many, as it reminded us that the security of enterprise software depends on the security of the open-source components on which it is based.

Open-source packages can still easily be hijacked by malicious actors, or even weaponized by maintainers themselves. In 2023, application security teams will focus on inventorying the OSS components used in the software factories and using tools such as Software Composition Analysis to decide if they should keep them.

● Cloud security products and technology will accelerate

The growth of cloud services and the rise of DevOps create new opportunities for organizations. However, as these deployments mature and more data and business functions are hosted in the cloud, there is growing awareness that costly regulatory mistakes and damaging cyberattacks can undo the benefits if security is not integrated into the transformation process.

As the principles of shared responsibility and zero trust become more familiar, we will see an acceleration of security products at the intersection of cloud-based architectures and "secure-by-design" processes, which will focus on improving the developer experience and building greater confidence.

● Cybersecurity will become a business imperative across governing boards

As cyber threats continue to evolve and become more sophisticated, the role of the board of directors in overseeing cyber risk is becoming increasingly important. By prioritizing customer

Cyber Defense eMagazine – February 2023 Edition 48

Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
